Cyberattack meant to warn Iran against targeting Israeli infrastructure

A cyberattack on Iran's Shahid Rajaee port last week was meant to warn the Islamic Republic against targeting Israeli infrastructure, after a reportedly Iranian cyberattack targeted Israeli water systems last month.

On May 11, Mohammad Rastad, Managing Director of the Ports and Maritime Organization (PMO), announced that a cyberattack managed to damage a number of private systems at the Shahid Rajaei port, confirming that the attack was carried out by a foreign entity, according to Fars.

While Rastad stressed that operations had not been disrupted by the attack, US and foreign government officials told The Washington Post that traffic in the area came to a halt and was plagued with issues for a number of days.

According to The New York Times, the attack was a direct response to a cyberattack on Israeli water infrastructure and was meant to send a message to Iran that they shouldn't try targeting Israel infrastructure.

Earlier this month, Israel’s security cabinet met to discuss an alleged Iranian cyberattack on Israeli water and sewage facilities that took place on April 24.

The attack caused a pump at a municipal water system in the Sharon region of central Israel to stop working. Operation resumed shortly after, but it was recorded as an exceptional event, according to the Times.

A security company that investigated the incident found that malware caused the shutdown and the incident was reported to the Israel National Cyber Directorate and other Israeli intelligence agencies. Israeli officials found that the malware had come from one of the offensive cyberunits in the Iranian Revolutionary Guards Corps (IRGC). The attack and the quality of the attack were described as "miserable" by intelligence officials, according to the Times.

Although the attack on Israel's water system did not cause substantial damage, it was still seen as a substantial escalation by the Iranians, especially since the attack targeted civilian infrastructure.

Initially, Israeli officials had decided not to retaliate for the attack on the water system, as the attack would have been minor even if it had succeeded, but changed their minds after news of the attack was published in Israeli media, according to high-ranking intelligence officials and experts in the region.

Government officials, led by then defense minister Naftali Bennett, felt that Israel should respond similarly by targeting Iranian civilian infrastructure and then leaking it to international media.

The Shahid Rajaee port was specifically chosen because it was not a central target and would send a warning that attacks on Israeli civilian infrastructure would not go unanswered and crossed a red line.

No more than 20 freight ships enter the Shahid Rajaee port every month. The port's authorities detected the cyberattack soon after it began, but failed to fix it immediately.

According to the Times, the restrained nature of both cyberattacks seems to indicate that both sides want to avoid an escalation. While one intelligence official said that Israel hopes the attack on the port will end the current cyber exchange, an intelligence assessment stated that the IRGC could respond with another attack on Israel.

Israeli security officials instructed sensitive facilities and national infrastructure to increase awareness and alertness amid fears of a cyberatack by Iran or a pro-Iranian group after reports about Israel's involvement in the cyberattack on the Iranian port were published, according to Walla! news.

While Israeli officials have remained silent about the reports, IDF cyberdefense officials and the Israel National Cyber Directorate raised their awareness and preparedness levels in preparation for a number of possible complex situations and attacks.

Cyberdefense companies and officials were asked to direct their employees to not open files or messages from sources they don't know or aren't sure about. Emphasis was put on messages concerning the coronavirus which could be used in cyberattack attempts.

Israel's Chief of Staff, Gen. Aviv Kochavi, appeared to reference the cyberattack on the Iranian port at a ceremony on Tuesday, saying "We will continue to use a diverse array of military tools and unique warfare methods to hurt the enemy."

On Tuesday, Iranian officials continued to deny that the attack had caused any major trouble or disruption, according to Fars.

  

The Washington Post, which first reported on Tuesday that Israel was likely behind the attack on the port, added that the attack halted traffic and caused “total disarray” at the Shahid Rajaei Port.

Satellite photographs showing miles-long traffic jams on highways leading the Shahid Rajaee port and dozens of loaded container ships waiting just off the coast were shown to the Post as well.

The cyberattack was “highly accurate,” according to a security official with a foreign government that monitored the incident, which reportedly took place on May 9, two days before Iranian officials acknowledged it had occurred.

“If Israel is the one who responded to the Iranian attack that targeted civilian infrastructure, Israel is making it clear that civilian systems should be left out of battle,” explained former IDF intelligence chief and executive director of the INSS Amos Yadlin on Twitter. “This is a significant message about the vulnerability of Iran’s financial systems to Israeli cyber abilities.”